mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Add explicit renewal flag for certiude request
This commit is contained in:
parent
7b1dae0901
commit
79aa1e18c0
@ -62,8 +62,9 @@ ExecStart=%s request
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
@click.command("request", help="Run processes for requesting certificates and configuring services")
|
@click.command("request", help="Run processes for requesting certificates and configuring services")
|
||||||
|
@click.option("-r", "--renew", default=False, is_flag=True, help="Renew now")
|
||||||
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
|
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
|
||||||
def certidude_request(fork):
|
def certidude_request(fork, renew):
|
||||||
if not os.path.exists(const.CLIENT_CONFIG_PATH):
|
if not os.path.exists(const.CLIENT_CONFIG_PATH):
|
||||||
click.echo("No %s!" % const.CLIENT_CONFIG_PATH)
|
click.echo("No %s!" % const.CLIENT_CONFIG_PATH)
|
||||||
return 1
|
return 1
|
||||||
@ -177,7 +178,8 @@ def certidude_request(fork):
|
|||||||
endpoint_common_name,
|
endpoint_common_name,
|
||||||
insecure=endpoint_insecure,
|
insecure=endpoint_insecure,
|
||||||
autosign=True,
|
autosign=True,
|
||||||
wait=True)
|
wait=True,
|
||||||
|
renew=renew)
|
||||||
break
|
break
|
||||||
except requests.exceptions.Timeout:
|
except requests.exceptions.Timeout:
|
||||||
retries -= 1
|
retries -= 1
|
||||||
|
@ -17,7 +17,7 @@ from configparser import ConfigParser
|
|||||||
from cryptography import x509
|
from cryptography import x509
|
||||||
from cryptography.hazmat.backends import default_backend
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
|
||||||
def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, insecure=False):
|
def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, renew=False, insecure=False):
|
||||||
"""
|
"""
|
||||||
Exchange CSR for certificate using Certidude HTTP API server
|
Exchange CSR for certificate using Certidude HTTP API server
|
||||||
"""
|
"""
|
||||||
@ -28,8 +28,6 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
|
|||||||
if wait:
|
if wait:
|
||||||
request_params.add("wait=forever")
|
request_params.add("wait=forever")
|
||||||
|
|
||||||
renew = False # Attempt to renew if certificate has expired
|
|
||||||
|
|
||||||
# Expand ca.example.com
|
# Expand ca.example.com
|
||||||
scheme = "http" if insecure else "https" # TODO: Expose in CLI
|
scheme = "http" if insecure else "https" # TODO: Expose in CLI
|
||||||
authority_url = "%s://%s/api/certificate/" % (scheme, server)
|
authority_url = "%s://%s/api/certificate/" % (scheme, server)
|
||||||
@ -166,6 +164,7 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
|
|||||||
renew = True
|
renew = True
|
||||||
else:
|
else:
|
||||||
click.echo("Found valid certificate: %s" % certificate_path)
|
click.echo("Found valid certificate: %s" % certificate_path)
|
||||||
|
if not renew: # Don't do anything if renewal wasn't requested explicitly
|
||||||
return
|
return
|
||||||
|
|
||||||
# If machine is joined to domain attempt to present machine credentials for authentication
|
# If machine is joined to domain attempt to present machine credentials for authentication
|
||||||
|
Loading…
Reference in New Issue
Block a user